2 matches found
Form Lightbox - Arbitrary Option Update Leading to Admin Account
This is a plugin that is no longer in the WordPress repository, however, is still in use on some sites. With this vulnerability an attacker can update any option in the WordPress database. This includes gaining an admin access. Using the file ajax.php that contains the following line: updateoptio...
WordPress Form Lightbox Plugin - BYPASS
This vulnerability allows the attackers to update any option in the WordPress database. It includes gaining an admin access. Solution There is no fix, because this plugin is no longer in the WordPress repository...